Thunder Crypt (or ThunderCrypt) is ransomware developed to encrypt data and demand money for returning it to its previous state. It employs a hybrid RSA-2048 algorithm and starts attacking files immediately after infiltrating the system, rendering them unusable. The entire process happens in the background, so you don’t realize that anything out of the ordinary is taking place until it’s too late. The situation may seem hopeless, as the changes made to your data can’t be undone without a decryption key, which can only be bought from the creators of Thunder Crypt.

Security researchers are also hard at work and constantly develop new solutions to help battle ransomware, but, unfortunately, there’s no such solution for this particular threat at the moment. Still, it doesn’t mean that giving your hard-earned money away to cybercriminals is the only way out. You can also regain access to your files by installing a special security program – for example, Plumbytes Anti-Malware. A detailed manual on how to use it is provided right below this article, so you don’t have to worry about making a mistake. And when the virus is eliminated, you can restore all the data from backup.

As you can see, it’s entirely possible to defeat con artists behind Thunder Crypt at their own game, but it’s still better to avoid ransomware than deal with it. To do that, steer clear of attachments contained in spam emails, no matter what they’re disguised as, and don’t click on links and advertisements hosted on file-sharing services and XXX pages – this is how threats of this type are mainly distributed. Don’t put yourself under unnecessary risks while surfing the Internet and everything should be fine and dandy with the computer going forward. Ransomware is dangerous, but it can be dodged and now you know how.

You may find .txt or .html ransomware instruction files in system folders.

Your desktop screen might be locked, so you can’t access your PC.

Pop-up messages that ask you to pay “a ransom” to get access to your PC or files again.

Ransomware may delete important system files.

Sluggish PC performance.

Your anti-virus software stops working.

Sources of Thunder Crypt ransomware infection

Spam emails that contain malicious attachments or hyperlinks.

Compromised websites that have exploit code injected in their web pages.

Vulnerabilities in unpatched Windows operating system.

Vulnerabilities in outdated web browsers.

Drive-by downloads.

Fake Flash Player update websites.

Installing pirated software or operating systems.

Facebook spam messages that contain malicious attachments or links.

Malicious SMS messages (ransomware may target mobile devices).

Malvertising campaigns (pop-up and banner ads).

Self-propagation (spreading from one infected PC to another via LAN networks).

Infected game servers.

Botnets.

Peer-to-peer networks.

My PC is infected with Thunder Crypt! What should I do?

STEP 1. Create an image of your system and back up encrypted files

Some ransomware viruses have hidden scripts that may remove or overwrite all encrypted files once a certain amount of time has passed after infiltration. We strongly recommend creating a backup of all of your encrypted files before trying to decrypt or restore them. Find all the encrypted files that end with the ransomware file extension and copy them to an external hard drive or USB flash drive.
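The backup step above can be scripted so that every copy is checked against its source. This is an added example, not part of the original guide; it assumes Windows PowerShell 4.0 or later, and the extension and destination drive are placeholders because the guide does not state which extension Thunder Crypt appends.

```powershell
# Added example (not from the original guide): preserve encrypted files before cleanup.
# Placeholders: set $Extension to the extension seen on your encrypted files and
# $Destination to a folder on the external drive.
$SourceRoot  = $env:USERPROFILE
$Extension   = '.ENCRYPTED_EXT_PLACEHOLDER'
$Destination = 'E:\ransomware-evidence'      # external drive, assumed to be E:

$SourceRoot = (Resolve-Path -LiteralPath $SourceRoot).Path.TrimEnd('\')
[void][System.IO.Directory]::CreateDirectory($Destination)

$results = Get-ChildItem -LiteralPath $SourceRoot -Recurse -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -ieq $Extension } |
    ForEach-Object {
        # Recreate the original folder layout so each copy can be traced to its source.
        $relative = $_.FullName.Substring($SourceRoot.Length).TrimStart('\')
        $target   = [System.IO.Path]::Combine($Destination, $relative)
        $row = [ordered]@{
            Source = $_.FullName; Copy = $target; Bytes = $_.Length
            SHA256 = $null; Verified = $false; Error = $null
        }
        try {
            [void][System.IO.Directory]::CreateDirectory([System.IO.Path]::GetDirectoryName($target))
            [System.IO.File]::Copy($_.FullName, $target, $true)
            $src = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction Stop).Hash
            $dst = (Get-FileHash -LiteralPath $target -Algorithm SHA256 -ErrorAction Stop).Hash
            $row.SHA256   = $src
            $row.Verified = ($src -eq $dst)
        } catch {
            # Locked or unreadable files are recorded in the manifest, not silently skipped.
            $row.Error = $_.Exception.Message
        }
        [pscustomobject]$row
    }

if (-not $results) {
    Write-Warning "No files ending in $Extension were found under $SourceRoot"
} else {
    # The manifest lets you confirm later that the backup still matches what was copied.
    $manifest = [System.IO.Path]::Combine($Destination, 'manifest.csv')
    $results | Export-Csv -LiteralPath $manifest -NoTypeInformation -Encoding UTF8
    $failed = @($results | Where-Object { -not $_.Verified })
    '{0} files verified, {1} failed; manifest written to {2}' -f (@($results).Count - $failed.Count), $failed.Count, $manifest
}
```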

Install one of the recommended anti-malware tools listed below and scan your computer for viruses. The anti-malware program will detect malicious files and move them to quarantine in order to block ransomware activity on your computer. Do NOT delete any of the quarantined files! They can help identify which encryption method was used in your case and whether any features match known types of ransomware.

Remove Ransomware with Plumbytes Anti-Malware

1. You should download Plumbytes Anti-Malware installer to scan your computer for any ransomware and other malware that might have infected your computer. Plumbytes Anti-Malware is a trusted software that can detect and remove most security threats, including adware, ransomware, PUPs, trojans, worms and rootkits.

3. Click “Install” button to start the installation process. The setup wizard will automatically start to download necessary program files to your computer. Once the download is complete, Plumbytes Anti-Malware will be automatically installed on your computer. The entire installation process takes only 2-3 minutes.

4. Once installed, Plumbytes Anti-Malware will automatically update its antivirus signatures database and then start smart system scan to detect all malware, adware, spyware and other security threats.

Double-Check your PC with SpyHunter 4 Anti-Malware

6. You can double-check your computer with SpyHunter Anti-Malware in order to remove any leftover malware and ransomware traces. SpyHunter 4 is considered one of the best and most effective anti-ransomware tools today. Click the following link to download SpyHunter installation package or just click the download button below.

8. When the installation starts, the Setup Wizard will offer a few options and settings that you may want to configure. We recommend just clicking “Next” button to accept the default application settings. You can check out our detailed SpyHunter 4 Anti-Malware Setup & User Guide which can help you to go through the installation process and provide important information about malware scans and program settings.

10. You will see the detailed list of viruses and potentially unwanted applications detected on your PC. Click “Next” button to clear your PC from malicious files, adware and PUPs.

Alternate Recommended Anti-Malware Tools

The following awesome full-scale anti-malware products also have proved their effectiveness against all types of malware and adware. However, some of these anti-malware programs don’t provide a free trial version, and you’ll have to purchase a license key in order to clean your computer from the detected malware and PUPs.

STEP 3. Identify the type of ransomware virus

If you don’t know what type of ransomware has infected your PC, you should try ID Ransomware free online service. Visit ID Ransomware website and upload a ransom note or a sample encrypted file to identify the ransomware strain.

You can also try the free VirusTotal.com service in the same way to determine which ransomware family you are dealing with.

STEP 4. Find out if there is a decryption tool

Once you’ve identified the exact type of ransomware, you should check whether an effective decrypter is available for your encrypted files. If there is one, you can recover your important data without spending money on the ransom.

No More Ransom! Project

Nomoreransom.org website was launched in 2016 and is backed by reputable top security companies and security institutions in many countries. Visit the Crypto Sheriff https://www.nomoreransom.org/crypto-sheriff.php page at Nomoreransom.org, upload one of your encrypted files, and you will find out if there is a solution available to decrypt all of your files for free.

EmsiSoft Decrypter

EmsiSoft’s team continuously works on development of free decrypters for different types of ransomware. Check out Decrypter.emsisoft.com web page for the ransomware decryptor you need. Currently there are more than 40 working decryptors for different crypto-ransomware families.

Avast Free Ransomware Decryption Tools

Trend Micro Ransomware File Decryptor

Trend Micro Ransomware File Decryptor tool is able to decrypt files encrypted by different types of ransomware. Visit TrendMicro website to find detailed instructions and video guide for this decryptor tool.

STEP 5. No Decrypter available? We’re still here to help you

Unfortunately, most recent file-encrypting ransomware doesn’t have a working decryption solution. Loosely speaking, if you don’t pay attackers for a copy of the private decryption key, you can get stuck with blocked important files for a long time. However, in many cases, even after paying a large ransom, victims still don’t receive the key to unblock their files. According to statistics, one in five victims who paid the ransom never got their files back. Remember: if you pay the ransom, you directly contribute to the financial success of cyber criminality. Before you decide to pay the ransomware demand, you should try to gather all available information about the particular type of crypto-ransomware that infected your system.

1. Check out our manual removal guide below. If the ransomware that infected your computer doesn’t delete shadow volume copies from local hard drive, you can try to use System Restore feature to roll Windows operating system back in time or to recover your files from system snapshots.

Malwareless.com website’s team strives to provide all actual and valuable information about ransomware viruses. We continuously monitor latest decryptor tools and add them to the removal instructions.

2. Bleepingcomputer.com website has a great Ransomware Help & Tech Support forum section with quite active ransomware discussions that may save you a lot of money and time. Check the particular forum topics about the type of ransomware that infected your computer and follow the provided instructions.

Remove Thunder Crypt Ransomware Manually (Removal Guide)

Notice: Manual removal guide is recommended to experienced PC users only. Incorrect modifications introduced into Windows operating system settings, Windows Registry or browser settings may result in system failures or software errors.

We’ve created this detailed removal guide to help you manually remove Thunder Crypt and any other ransomware threats from your computer. Please carefully follow all the steps listed in the instruction. We’ve attached detailed screenshots, video guides and descriptions for your convenience. If you have any questions or issues, please contact us via email, public forum or online contact form. You can also add your comments to this guide below.

Thunder Crypt removal using Safe Mode with Networking

Why choose this reboot method instead of the common Safe Mode? The Safe Mode with Networking option lets you access the Internet to download the tools needed to remove Thunder Crypt ransomware from your PC.

You can start Windows 10 in Safe Mode with Networking using one of the easy methods below. Depending on the type of ransomware, one of the described start methods may not work properly.

STEP 1: Start your PC in Safe Mode with Networking

If you have a new computer with UEFI BIOS and SSD hard drive, pressing both F8 and Shift+F8 keys may not work for you to get into safe mode.

The easiest method for booting into Safe Mode with Networking is to use the Advanced options settings.

Click Windows button in the bottom-left corner and select Power option, then hold Shift key and click Restart.

Your computer will be rebooted once again. You will see the following window with a few options. Select Troubleshoot option.

Next, select Advanced options.

Go to Startup Settings in the Advanced options window.

Click Restart button.

Your computer will be rebooted once again. You will see Startup Settings window with different advanced troubleshooting modes.

Select Enable Safe Mode with Networking and press F5 to activate this mode. The Safe Mode with Networking option lets you access the Internet to download the tools needed to remove ransomware from your PC.

Desktop screenshot of the Safe Mode with Networking

STEP 2: Download Anti-Malware Software

Once you are in Safe Mode with Networking, launch your web browser and download a trusted anti-virus or anti-malware software to scan your PC for Thunder Crypt malicious files and processes. If you don’t want to purchase an anti-malware software license, you can simply scan your system for viruses, and then manually remove the detected malicious files.

Our short guide below will explain how to show hidden files, folders and file extensions on your hard drive file system.

STEP 3: Remove malicious files installed by ransomware

Once an exploit kit infiltrates into your computer, it downloads and installs ransomware files into your system.

You should manually check the following system folders for the batch (.cmd, .btm, .bat), bitmap (.bmp), DLL (.dll) and executable (.exe) files that could be created by the ransomware virus:

%TEMP%\

%APPDATA%\

%ProgramData%\

%UserProfile%\
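The folder check in STEP 3 can be done as a read-only listing instead of browsing by hand. This is an added example, not part of the original guide; it assumes Windows PowerShell 4.0 or later, a 14-day look-back window, and a double-extension pattern that generalises the “.pdf.exe” style names the guide warns about in its prevention tips.

```powershell
# Added example (not from the original guide): list the file types STEP 3 names,
# in the folders STEP 3 names. Nothing is deleted or modified.
$folders = @($env:TEMP, $env:APPDATA, $env:ProgramData, $env:USERPROFILE) |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) }
$suspectExt = @('.cmd', '.btm', '.bat', '.bmp', '.dll', '.exe')   # list from the guide

# Assumed heuristic: a document or media extension followed by an executable one.
$doubleExt = '\.(pdf|docx?|xlsx?|pptx?|avi|mp4|jpe?g|png|txt|zip)\.(exe|scr|vbs|bat|cmd)$'
$since = (Get-Date).AddDays(-14)   # assumed look-back window; widen for older infections

$hits = foreach ($folder in $folders) {
    Get-ChildItem -LiteralPath $folder -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object {
            $_.CreationTime -ge $since -and
            ($suspectExt -contains $_.Extension -or $_.Name -match $doubleExt)
        }
}

# %TEMP% and %APPDATA% sit inside %UserProfile%, so drop duplicate paths first.
$report = $hits | Sort-Object -Property FullName -Unique | ForEach-Object {
    $isPE = @('.exe', '.dll', '.scr') -contains $_.Extension
    $sig  = if ($isPE) {
        (Get-AuthenticodeSignature -LiteralPath $_.FullName -ErrorAction SilentlyContinue).Status
    } else { 'n/a' }
    [pscustomobject]@{
        Created         = $_.CreationTime
        Path            = $_.FullName
        Bytes           = $_.Length
        Hidden          = [bool]($_.Attributes -band [System.IO.FileAttributes]::Hidden)
        DoubleExtension = ($_.Name -match $doubleExt)
        Signature       = $sig
        # The hash can be looked up on VirusTotal without uploading the file itself.
        SHA256          = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
    }
} | Sort-Object -Property Created -Descending

if (-not $report) {
    Write-Warning 'No matching files created inside the look-back window.'
} else {
    $report | Export-Csv -LiteralPath (Join-Path (Get-Location) 'step3-triage.csv') -NoTypeInformation -Encoding UTF8
    $report | Format-Table Created, Signature, DoubleExtension, Hidden, Path -AutoSize -Wrap
}
```

Unsigned executables and hidden files created around the time the ransom note appeared are the ones to review first; many legitimate programs also keep files in these folders, so a listed file is a candidate, not a verdict.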

STEP 4: Clean your Windows Registry (for experienced users only)

It’s strongly recommended to clean your Windows Registry to remove all entries associated with ransomware infection. Windows Registry contains all the settings and information for the software applications and user accounts in your Windows operating system. You need to launch Registry Editor utility to make changes to registry.
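Before editing anything in Registry Editor, it helps to list what starts automatically and to keep a backup of those keys. This is an added example, not part of the original guide; the guide names no registry keys, so the standard Windows Run and RunOnce autostart keys, the folder pattern and the backup location used here are assumptions.

```powershell
# Added example (not from the original guide). Read-only apart from the .reg backups.
# Assumption: the standard Run/RunOnce autostart keys are the place to start looking.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Assumed pattern for the user-writable folders that STEP 3 tells you to inspect.
$watched   = '\\(AppData\\(Roaming|Local|LocalLow)|ProgramData|Temp)\\'
$backupDir = Join-Path $env:USERPROFILE 'run-key-backup'    # assumed location
[void][System.IO.Directory]::CreateDirectory($backupDir)

$entries = foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }

    # Export the key first so any later edit in Registry Editor can be undone.
    $native = $key -replace '^(HK[A-Z]+):', '$1'
    $file   = Join-Path $backupDir (($native -replace '[\\ ]', '_') + '.reg')
    & reg.exe export $native $file /y | Out-Null

    $item = Get-Item -LiteralPath $key
    foreach ($name in $item.GetValueNames()) {
        # Read the stored data unexpanded, then expand it for the folder check.
        $raw = [string]$item.GetValue($name, '',
            [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
        $expanded = [Environment]::ExpandEnvironmentVariables($raw)
        [pscustomobject]@{
            Key             = $native
            Name            = $name
            Command         = $raw
            InWatchedFolder = ($expanded -match $watched)
        }
    }
}

# Entries launching from the watched folders are listed first for manual review.
$entries | Sort-Object -Property InWatchedFolder -Descending | Format-List
```

A flagged entry only means the program starts from a user-writable folder, which some legitimate software also does; compare the path with the files found in STEP 3 before removing a value.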

Thunder Crypt removal using Safe Mode with Networking

Why choose this reboot method instead of the common Safe Mode? The Safe Mode with Networking option lets you access the Internet to download the tools needed to remove Thunder Crypt ransomware from your PC.

You can start Windows 8.1 in Safe Mode with Networking using one of the easy methods below. Depending on the type of ransomware, one of the described start methods may not work properly.

STEP 1: Start your PC in Safe Mode with Networking

If you have a new computer with UEFI BIOS and SSD hard drive, pressing both F8 and Shift+F8 keys may not work for you to get into safe mode.

The easiest method for booting into Safe Mode with Networking is to use the Advanced options settings.

Once your computer restarts successfully, you will see a window with three options available. Select Troubleshoot option.

Next, select Advanced options.

Next, go to Startup Settings.

Click Restart button.

Your computer will be rebooted once again. You will see Startup Settings window with different advanced troubleshooting modes.

Select Enable Safe Mode with Networking and press F5 to activate this mode. The Safe Mode with Networking option lets you access the Internet to download the tools needed to remove ransomware from your PC.

Desktop screenshot of the Safe Mode with Networking.

STEP 2: Download Anti-Malware Software

Once you are in Safe Mode with Networking, launch your web browser and download a trusted anti-virus or anti-malware software to scan your PC for Thunder Crypt malicious files and processes. If you don’t want to purchase an anti-malware software license, you can simply scan your system for viruses, and then manually remove the detected malicious files.

Our short guide below will explain how to show hidden files, folders and file extensions on your hard drive file system.

STEP 3: Remove malicious files installed by ransomware

Once an exploit kit infiltrates into your computer, it downloads and installs ransomware files into your system.

You should manually check the following system folders for the batch (.cmd, .btm, .bat), bitmap (.bmp), DLL (.dll) and executable (.exe) files that could be created by the ransomware virus:

%TEMP%\

%APPDATA%\

%ProgramData%\

%UserProfile%\

STEP 4: Clean your Windows Registry (for experienced users only)

It’s strongly recommended to clean your Windows Registry to remove all entries associated with ransomware infection. Windows Registry contains all the settings and information for the software applications and user accounts in your Windows operating system. You need to launch Registry Editor utility to make changes to registry.

Thunder Crypt removal using Safe Mode with Networking

Why choose this reboot method instead of the common Safe Mode? The Safe Mode with Networking option lets you access the Internet to download the tools needed to remove Thunder Crypt ransomware from your PC.

You can start Windows 7 in Safe Mode with Networking using one of the easy methods below. Depending on the type of ransomware, one of the described start methods may not work properly.

STEP 1: Start your PC in Safe Mode with Networking

If you have a new computer with UEFI BIOS and SSD hard drive, pressing both F8 and Shift+F8 keys may not work for you to get into safe mode.

Use the arrow keys to highlight Safe Mode with Networking on the Advanced Boot Options screen. Hit Enter key.

Your computer will boot up in safe mode with a black blank screen and with the words “Safe Mode” in all four corners.

Desktop screenshot of the Windows 7 Safe Mode with Networking.

STEP 2: Download Anti-Malware Software

Once you are in Safe Mode with Networking, launch your web browser and download a trusted anti-virus or anti-malware software to scan your PC for Thunder Crypt malicious files and processes. If you don’t want to purchase an anti-malware software license, you can simply scan your system for viruses, and then manually remove the detected malicious files.

Our short guide below will explain how to show hidden files, folders and file extensions on your hard drive file system.

STEP 3: Remove malicious files installed by ransomware

Once an exploit kit infiltrates into your computer, it downloads and installs ransomware files into your system.

You should manually check the following system folders for the batch (.cmd, .btm, .bat), bitmap (.bmp), DLL (.dll) and executable (.exe) files that could be created by the ransomware virus:

%TEMP%\

%APPDATA%\

%ProgramData%\

%UserProfile%\

STEP 4: Clean your Windows Registry (for experienced users only)

It’s strongly recommended to clean your Windows Registry to remove all entries associated with ransomware infection. Windows Registry contains all the settings and information for the software applications and user accounts in your Windows operating system. You need to launch Registry Editor utility to make changes to registry.

(Optional) Thunder Crypt removal using Safe Mode with Command Prompt

If you cannot start your computer in Safe Mode with Networking, try performing a System Restore using Safe Mode with Command Prompt.

This method works only if System Protection feature is enabled on your Windows 7 computer. You can find more information about System Protection feature in the following article on our website.

Restart your computer. During your PC boot process, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu appears, and then use arrow keys to select Safe Mode with Command Prompt from the list.

Windows XP

Remove Ransomware from Windows XP

Thunder Crypt removal using Safe Mode with Networking

Why choose this reboot method instead of the common Safe Mode? The Safe Mode with Networking option lets you access the Internet to download the tools needed to remove Thunder Crypt ransomware from your PC.

You can start Windows XP in Safe Mode with Networking using one of the easy methods below. Depending on the type of ransomware, one of the described start methods may not work properly.

STEP 1: Start your PC in Safe Mode with Networking

If you have a new computer with UEFI BIOS and SSD hard drive, pressing both F8 and Shift+F8 keys may not work for you to get into safe mode.

Your computer will boot up in safe mode with a black blank screen and with the words “Safe Mode” in all four corners.

Click Yes button to proceed to work in safe mode.

Desktop screenshot of the Windows XP Safe Mode with Networking.

STEP 2: Download Anti-Malware Software

Once you are in Safe Mode with Networking, launch your web browser and download a trusted anti-virus or anti-malware software to scan your PC for Thunder Crypt malicious files and processes. If you don’t want to purchase an anti-malware software license, you can simply scan your system for viruses, and then manually remove the detected malicious files.

Our short guide below will explain how to show hidden files, folders and file extensions on your hard drive file system.

STEP 3: Remove malicious files installed by ransomware

Once an exploit kit infiltrates into your computer, it downloads and installs ransomware files into your system.

You should manually check the following system folders for the batch (.cmd, .btm, .bat), bitmap (.bmp), DLL (.dll) and executable (.exe) files that could be created by the ransomware virus:

%TEMP%\

%APPDATA%\

%ProgramData%\

%UserProfile%\

STEP 4: Clean your Windows Registry (for experienced users only)

It’s strongly recommended to clean your Windows Registry to remove all entries associated with ransomware infection. Windows Registry contains all the settings and information for the software applications and user accounts in your Windows operating system. You need to launch Registry Editor utility to make changes to registry.

(Optional) Thunder Crypt removal using Safe Mode with Command Prompt

If you cannot start your computer in Safe Mode with Networking, try performing a System Restore using Safe Mode with Command Prompt.

This method works only if System Protection feature is enabled on your Windows XP computer. You can find more information about System Protection feature in the following article on our website.

Restart your computer. During your PC boot process, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu appears, and then use arrow keys to select Safe Mode with Command Prompt from the list.

To restore files encrypted by ransomware, try using Windows Previous Versions feature. This recovery method is only effective if the System Restore option was enabled on your Windows operating system. Notice: some types of ransomware are known to remove Shadow Volume Copies of the files, so this method may not work on your computer.

Recover your files using ShadowExplorer program

You can also try using a third-party software to recover files deleted, damaged or encrypted by ransomware attack. We recommend you to install ShadowExplorer version 0.9 – this tool is free and user-friendly. ShadowExplorer lets you browse through Shadow Copies of your files created by the Windows Volume Shadow Copy Service. Notice: some types of ransomware are known to remove Shadow Volume Copies of the files, so this method may not work on your computer.
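Whether Previous Versions or ShadowExplorer can help depends on shadow copies having survived, which can be checked directly. This is an added example, not part of the original guide; it assumes Windows PowerShell 3.0 or later run from an elevated prompt, and the infection time is a value you set yourself.

```powershell
# Added example (not from the original guide): list surviving shadow copies and
# mark the ones taken before the files were encrypted. Read-only.
# Assumed value: replace with the time the first encrypted file or ransom note appeared.
$infectionTime = (Get-Date).AddDays(-1)

$identity = [Security.Principal.WindowsIdentity]::GetCurrent()
$isAdmin  = ([Security.Principal.WindowsPrincipal]$identity).IsInRole(
    [Security.Principal.WindowsBuiltInRole]::Administrator)

if (-not $isAdmin) {
    Write-Warning 'Run this from an elevated PowerShell prompt; shadow copies are not visible otherwise.'
} else {
    # Map volume GUID paths to drive letters so the output is readable.
    $driveOf = @{}
    Get-CimInstance -ClassName Win32_Volume | ForEach-Object { $driveOf[$_.DeviceID] = $_.DriveLetter }

    $shadows = Get-CimInstance -ClassName Win32_ShadowCopy |
        Sort-Object -Property InstallDate |
        ForEach-Object {
            [pscustomobject]@{
                Drive             = $driveOf[$_.VolumeName]
                Created           = $_.InstallDate
                PredatesInfection = ($_.InstallDate -lt $infectionTime)
                ShadowId          = $_.ID
                DeviceObject      = $_.DeviceObject
            }
        }

    if (-not $shadows) {
        # Matches the guide's caveat: the ransomware may have removed them, or
        # System Protection was never enabled on this computer.
        Write-Warning 'No shadow copies found on this computer.'
    } else {
        $shadows | Format-Table Drive, Created, PredatesInfection, ShadowId -AutoSize
        $usable = @($shadows | Where-Object { $_.PredatesInfection })
        '{0} of {1} shadow copies predate the assumed infection time.' -f $usable.Count, @($shadows).Count
    }
}
```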

Enable “Show File Extensions” option in order to see what types of files you open. Stay away from suspicious files with extensions like ‘.exe’, ‘.vbs’ and ‘.scr’.
Ransomware files often can look like they have two extensions – e.g., “.pdf.exe”, “.avi.exe” or “.xlsx.scr” – so pay attention to the files of this sort.

Disable Windows PowerShell framework.

Disable Windows Script Host (WSH) technology.

Use the Windows Group or Local Policy Editor to create Software Restriction Policies to disable executable files running from AppData, LocalAppData, Temp, ProgramData and Windows\SysWow folders.

Disable file sharing to make sure that the ransomware virus will stay isolated to infected PC only.

Disable Remote Desktop Protocol (RDP).

Switch off unused Bluetooth or infrared ports.

Keep the Windows Firewall turned on and properly configured.

Use a trusted ransomware-blocking anti-malware software and keep its database up-to-date.
